Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us...

25
Elastic Search Gain Insight Into Your Enterprise

Transcript of Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us...

Page 1: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

Elastic Search

Gain Insight Into Your Enterprise

Page 2: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

About us

University of Wisconsin – Milwaukee

University IT Services

• Chris Spadanuda – Associate Director Enterprise Services

• Ben Seefeldt – Lead Administrator IT Architecture and Infrastructure

• John Goodman – Manager, Identity and Access Management

Page 3: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

About UWM Enterprise Services

• Identity and Access Management

• Systems Support

• Business Applications

Page 4: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

UW Digital ID

UWM ePantherID

Page 5: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate
Page 6: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

Enterprise Services - Goals

• Manage demand (MFA, Unified Communications, Storage, etc.)

• Modernize IAM infrastructure

• Update and refresh Data Center infrastructure

• Transition to cloud services – AWS, Azure

• Continue to increase compliance and security

Page 7: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

More data = More insight = More action• Early efforts

– Syslog Server, Splunk, AD Audit

• Information we wanted and problems to solve– Patch levels– Phishing mitigation– Identity login locations– Service performance– What applications and users are using our services– Service dependencies– Service utilization– Audit response and security (long term and short term)

Page 8: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

The Elastic Stack

Page 9: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

Logstash

• Inputs

• Filters

• Outputs

Page 10: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

Elasticsearch

• Indices

• Index templates

Page 11: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

Ingestion

• Pipelines

• Data enrichment

Page 12: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

Kibana

• Fields

• Index Patterns

Page 13: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

Architecture

Page 14: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

Architecture

Page 15: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

Fields

• Timestamp

• Agent

• Client IP

• Geolocation

• Server IP

• Http_status

• Request uri

Page 16: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

Data Types

• String

• Numeric

• Date

• Boolean

• Binary

• Array

• Objects

Page 17: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

Aggregations

• Building blocks towards more complex data summaries

• Buckets: Match relevant data based on defined criteria

• Metric: Track and compute information from a set of documents

Page 18: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

Visualizations

• Based upon queries

• Dashboards

• Bar graphs

• Pie charts

• Tables

• Coordinate maps

Page 19: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

Identifying Data Sources

• Authentication attempts (Success / Failure)

• Load balancer performance

• Webpage load times

• Error status

• Sourcing service usage

• Identify client software connections (OS / Browser type)

Page 20: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

Putting Data Into Action

• Office 365 authentication attempts

• Geolocation of authentication attempts

• Correlating similar authentication attempts

• Identifying user impact

Page 21: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

Compromised Accounts

Page 22: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

Compromised Accounts

Page 23: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

Compromised Accounts

Page 24: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

Compromised Accounts

Page 25: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate

Demo


Use Cases for Elastic Search Percolator

Use Cases for Elastic Search Percolator

Dcm#8 elastic search

Dcm#8 elastic search

quick intro to elastic search

quick intro to elastic search

ELASTIC SEARCH, LOGSTASH, KIBANA & BEATS · Installing Elastic Search Once the ubuntu 16 Server is up, install java using ‚apt-get install openjdk-8-jre-headless Create a directory

ELASTIC SEARCH, LOGSTASH, KIBANA & BEATS · Installing Elastic Search Once the ubuntu 16 Server is up, install java using ‚apt-get install openjdk-8-jre-headless Create a directory

A1: ELASTIC SEARCH VS RDBMS

A1: ELASTIC SEARCH VS RDBMS

BlaBlaCar Elastic Search Feedback

BlaBlaCar Elastic Search Feedback

Cloud scaling of Visual Weather - ECMWF · AWS SQS ASW SNS AWS Elastic Search Metadata AWS DynamoDB Unique numbers. 11 G.E.D. client AWS Elastic Search Metadata AWS S3 Grid Processor

Cloud scaling of Visual Weather - ECMWF · AWS SQS ASW SNS AWS Elastic Search Metadata AWS DynamoDB Unique numbers. 11 G.E.D. client AWS Elastic Search Metadata AWS S3 Grid Processor

Иван Новиков «Elastic search»

Иван Новиков «Elastic search»

Elastic Path Intelligent Search · Intelligent Search. 2 Elastic Path Intelligent Search Defining the future of digital commerce, Elastic Path develops the world’s most sophisticated

Elastic Path Intelligent Search · Intelligent Search. 2 Elastic Path Intelligent Search Defining the future of digital commerce, Elastic Path develops the world’s most sophisticated

Workshop Elasticsearch @Ecole 42 · Workshop Elasticsearch @Ecole 42 David Pilato Elastic, @dadoonet. Store, Search, & Analyze Visualize & Manage Ingest Elastic Stack SOLUTIONS Elastic

Workshop Elasticsearch @Ecole 42 · Workshop Elasticsearch @Ecole 42 David Pilato Elastic, @dadoonet. Store, Search, & Analyze Visualize & Manage Ingest Elastic Stack SOLUTIONS Elastic

CEOS Open Search Developer Guideceos.org/.../02/CEOS-Open-Search-Developer-Guide.pdf · title="This parameter follows the elastic search free text search implementations" />

CEOS Open Search Developer Guideceos.org/.../02/CEOS-Open-Search-Developer-Guide.pdf · title="This parameter follows the elastic search free text search implementations" />

Elastic search Walkthrough

Elastic search Walkthrough

Elastic Search @ mtc

Elastic Search @ mtc

Couchbase 105: Realtime analytics and reporting using Couchbase with Elastic Search + Kibana, and Node.js

Couchbase 105: Realtime analytics and reporting using Couchbase with Elastic Search + Kibana, and Node.js

Elastic Search - disa.fi.muni.czdisa.fi.muni.cz/wp-content/uploads/elastic-presentation.pdf · Distributed • Multiple nodes running in single cluster • Data are split into shards

Elastic Search - disa.fi.muni.czdisa.fi.muni.cz/wp-content/uploads/elastic-presentation.pdf · Distributed • Multiple nodes running in single cluster • Data are split into shards

Transit from SQL to Elastic Search - Meetupfiles.meetup.com/19156515/ElasticSearch_Session1.pdf · WHY ELASTIC SEARCH Highly scalable open-source full-text search and analytics engine

Transit from SQL to Elastic Search - Meetupfiles.meetup.com/19156515/ElasticSearch_Session1.pdf · WHY ELASTIC SEARCH Highly scalable open-source full-text search and analytics engine

Elastic L&L.pdfElastic Search, Observe, Protect Jhon@Elastic.co Principal Solutions Architect 2 /me Jhon Masschelein Jhon@Elastic.co Elastic Solution Architect (1y) Microsoft Azure

Elastic L&L.pdfElastic Search, Observe, Protect [email protected] Principal Solutions Architect 2 /me Jhon Masschelein [email protected] Elastic Solution Architect (1y) Microsoft Azure

Elastic Stack Monitor your Services · Elastic Stack Monitor your Services. 2 Agenda ... SEARCH SECURITY ANALYTICS Monitor your Elastic Stack Find links in your data Be alerted on

Elastic Stack Monitor your Services · Elastic Stack Monitor your Services. 2 Agenda ... SEARCH SECURITY ANALYTICS Monitor your Elastic Stack Find links in your data Be alerted on

Pushing Counter Strike logs into Elastic Search (ELK)

Pushing Counter Strike logs into Elastic Search (ELK)

Elastic Search: Beyond Ordinary Fulltext Search (Webexpo 2011 Prague)

Elastic Search: Beyond Ordinary Fulltext Search (Webexpo 2011 Prague)